If somebody asked you, "Who owns your house?" you would probably say, "I do." If they asked you, "Who owns your car?" you would say, "I do."
But who owns you?
It's a simple question at face value. We're all about body autonomy in 2022, and most people would say that, of course, they own themselves. But what does that mean? What does it entail?
In the era of big data and artificial intelligence, 'we' are no longer just flesh and bone. Our identities are intertwined with terabytes of data: our social media profiles, our search engine habits, and our digital possessions.
The food we order on Uber Eats, the books we borrow from Amazon, the music we stream on Spotify – all of it is collected and collated by corporations and governments in order to create a comprehensive profile of our likes, dislikes, and interests.
This data is incredibly valuable. Facebook, Google, and other tech giants make billions of dollars every year by selling access to our personal data. Governments are also interested in collecting and collating our data, often for nefarious reasons. In the UK, for example, the government was caught illegally collecting citizens' Facebook data in order to target them with political ads.
So who owns this data? And what exactly can they do with it?
Your DNA Was Almost Patented
No, that's not clickbait – DNA patenting is the issue that got me thinking about data ownership in the first place. I recently had the privilege of speaking to Jorge Contreras, one of the leading global authorities on intellectual property law, and he enlightened me on some pretty crazy scientific history.
Jorge Contreras currently holds the rank of Presidential Scholar and Professor of Law at the University of Utah S.J. Quinney College of Law, with an adjunct appointment in the Department of Human Genetics at the University of Utah School of Medicine. He's recently written a book called The Genome Defense on the controversies of DNA patenting – an incredibly complex and fascinating topic.
Here's a brief rundown of the main points we discussed.
Gene Patenting in the 80s
In the United States, patents can be taken out on intellectual property – inventions, processes, and ideas. The patent holder has exclusive rights to the patented item for a set period of time (currently 20 years).
What can't be patented, however, are things occurring naturally in the world. You couldn't patent the sun, for example, because it occurs naturally. But you could patent a process for capturing the energy of the sun and turning it into electricity.
This is where things get complicated with DNA. Genes are found in nature, and as of 2013, this means that genes and DNA cannot be patented – but that wasn't always the case. From the 80s up until 2013, genes could be patented in the US. The reasoning was that, if a gene was extracted from its DNA strand, it could be considered a new and unnatural invention.
"That isolated and purified gene broken away from the chromosome doesn't exist in the human body, right? It exists along the chromosome, but it's bonded at its two ends to like the rest of the chromosome material. It's got all these other molecules attached to it when it's isolated outside of the body. It was considered to be a new thing, a new composition of matter, and so it was patentable," Jorge explained.
As you can imagine, this led to all sorts of controversies. The main issue was with certain breast cancer genes – when they were patented, testing for those genes became a lot more expensive and therefore inaccessible to many women who needed it.
Other patented genes included those associated with:
- Breast and ovarian cancers (BRCA1 and BRCA2),
- Colon cancers (HNPCC, FAP),
- Cystic fibrosis (CFTR),
- Hemochromatosis (HFE),
- Late-onset Alzheimer’s disease (Apo-E),
- Canavan disease,
- Charcot-Marie-Tooth disease (CMT-1A, CMT-X),
- Spinal muscular atrophy (SMN1), and
- Spinocerebellar ataxia (SCA1–12).
The US Patent Office eventually reversed its decision in 2013, largely due to the outcry of the scientific community and the public. While Jorge isn't against patents altogether, he certainly agrees that patents should not pose a barrier to human progression.
"Basic research tools and information about how the world and the human body works, that should be available to everyone to access and research – without having to pay a toll, and without having someone be able to cordon it off exclusively."
While our DNA was prevented from being owned and patented by law, the protection of other personal information – data that is incredibly influential on our lives – is lagging behind.
Who Owns Your Data?
I bring up the topic of DNA patenting for two reasons: one, because it's a fascinating topic in its own right, and two, because it illustrates the fact that the ethics surrounding information ownership are still evolving. The DNA patenting laws only changed in 2013 – very recent in the grand scheme of things – and there's a lot more we still need to figure out.
As it stands right now, here are some alarming facts about your personal data that you may not be aware of:
When you use incognito mode on your phone or laptop, your information is not made anonymous or untraceable. It just means Chrome and Safari won't store your browsing history, passwords, or autofill information. Your internet service provider (ISP) and the websites you visit can still see everything.
Although Facebook can't listen to your conversations (yes, the conspiracy has been disproven), Facebook can collect and sell information from pretty much everything you do on your phone. It doesn't even need to take place within the FB app. They track your search history, the ads you click on, the websites you visit, and even what time of day you're most active.
Healthcare providers – the organizations we place a lot of trust in – are among the worst offenders when it comes to data breaches. Personal data has been sold to third parties for everything from targeted advertising to election profiling.
GPS tracking is everywhere. If you download an app, use a website, or even just connect to a public Wi-Fi network, there's a good chance you're being tracked – and your physical movements are worth a lot of money to advertisers.
The internet of things (IoT) is a term used to describe the increasing number of devices that are connected to the internet. This includes everything from your fridge to your car. These devices collect and share data with each other, and with third-party companies, without our knowledge or consent.
'Smart' devices – like Amazon's Echo and Google Home – are always listening. While the companies swear that they only listen when you say their wake word, there have been several cases where Echos and Homes have recorded conversations that weren't meant to be heard.
As you can see, our personal data is under constant threat. It's collected and sold without our consent, often to third-party companies that we've never even heard of. And the scary thing is, we don't really know what they're doing with it.
Do You Own Your Data?
Despite the obvious issues surrounding data misuse, big corporations still don't technically own you or your data. Depending on who you ask, in fact, data isn't something that can be owned as property.
Here's an interesting thought, though – if someone can collect your data and sell it for enormous profits, or use it to shape your opinions and beliefs, could there be an argument of ownership? At least to the extent that your data is influential in your life?
This is an area that we're still figuring out. The law has not caught up to the complexities of data ownership in the same way that it has with DNA patenting. But as our lives move more and more online, and as artificial intelligence becomes more sophisticated, this is an issue that we're going to have to address.
How is Any Data Misuse Legal?
The realities of how our data is collected and used can be pretty horrifying. There have been plenty of instances where companies are persecuted for the ways in which they've mishandled our data, which has helped to shape our current understanding of data ownership.
But here's the kicker – most instances of data 'misuse' are technically legal.
When was the last time you read all the way through an app's terms and conditions? Or the privacy policy of a website? If you're like most people, the answer is probably never. And that's because these documents are long, dry, and filled with legal jargon that most of us can't understand.
This isn't because companies are too lazy to make themselves clear – it's a very purposeful strategy on their part. By burying their data misuse in legal terms, companies can ensure that they're not held liable for any damage done.
Facebook's privacy policy, for instance, takes around 18 minutes to read in full. It's also been analyzed in terms of reading complexity, and research shows that it is likely too complicated and dense for the majority of US adults to understand.
If you're interested in learning more about privacy policies, there's an excellent piece of interactive journalism by Kevin Litman-Navarro that gives a visual of 150 different policies, their complexity, and how much they've changed over time. You can find it here.
Is Data Ownership Really That Bad?
It's easy to sit here and villainize the use of big data by corporations. In reality, though, there are some incredibly valid and sound reasons for why data is collected and used the way it is.
Take, for example, our current healthcare system. There's a reason we're shifting towards electronic health records (EHRs) – they make the process of providing care much more efficient and accurate. EHRs allow doctors to access a patient's medical history quickly and easily, without having to track down paper records.
This is just one small example of how data can be used for good. And it's not just healthcare – data is being used in smart cities to improve traffic flow, in agriculture to increase crop yields, and even in retail to create more personalized customer experiences.
If you reflect on your own life, you'll begin to notice that data is being used in all sorts of ways to make your life easier and more efficient.
Spotify's seamless weaving of consumer data into its curation algorithms, for instance, exposes us to more of the music we love. Our GPS data helps to make Google Maps more accurate, and our purchase histories are used to create targeted ads (which are pretty helpful at times – let's be honest).
At its core, data is just a collection of information. In a sense, it is internet currency – it's our payment for accessing a tailored and comprehensive online space, one that knows us almost better than we know ourselves.
So, What's the Issue?
When push comes to shove, the issue comes down to two main factors: autonomy and access.
First, let's talk about autonomy. Autonomy is the idea that we should be able to control our own lives and make decisions without undue influence from others. When it comes to data, this means that we should be able to access our own data, change it if we want to, and delete it if we choose.
Autonomy is put at risk when our data is no longer within our control. You choose to download the app, so technically you agree to everything it entails – but it's hard to give autonomous consent to a policy you don't understand. And it's even harder to change or delete data when you don't have access to it.
The second issue is access, and this relates back to DNA patenting. When someone else owns information pertaining to your health, for example – like the way that certain breast cancer genes were owned and controlled by a private company – you can't access it, which severely limits your autonomy.
Access is also limited when companies sell your data to third parties. You no longer have access to the digital path your data has taken, and therefore, you can't autonomously control how it is used.
What's the Solution?
At this stage, the best solution I see for owning your data is increased awareness. Read up on the apps and services you use. Keep an eye out for data breaches as they appear in the media or in court. Lock your passwords up tight and use VNP and encryption services whenever possible.
Because this is the way forward – to continue the discussion until it evolves. Going back to my conversation with Jorge Contreras, it took four whole years to prepare a winning case against the company patenting breast cancer genes, but the time and effort were well worth the outcome.
"You need a public advocate," Jorge said. "Before [the trial], it was just the land of experts – industry lobbyists, patent lawyers, and company representatives. They were the only ones who were even paying attention, so of course, they are going to shape the rules if there aren't that many public advocates and public watchdogs out there. But [DNA patenting] is now being watched by very vocal and articulate and smart organizations."
In data privacy, we've already seen some infamous court cases go through; the Cambridge Analytica scandal, for instance, or last year's takedown of Google LLC by the ACCC (Australian Competition and Consumer Commission). Equifax lost $575 million for data breaches in 2017.
There have also been some positive changes in legislation around data ownership. In the European Union, for example, the General Data Protection Regulation (GDPR) was introduced in May of 2018.
This regulation gives individuals more control over their data, including the right to access it, change it, and delete it. It's considered the toughest data privacy law in the world, and it's inspired similar legislation in other countries, such as Canada and Argentina.
We need more regulation like this, and we also need better education around data ownership. We need to be vocal about our concerns, and we need to hold companies accountable when they violate our trust.
Have you experienced a loss of autonomy over your data? It's likely you've never had reason to complain, but this is precisely why we need to start paying attention. A lot of our agency disappears without our knowledge.
If you're interested in hearing more from Jorge Contreras, take a listen to his interview on the Success Story podcast here. I hardly knew anything about DNA patenting before speaking with him – and trust me, this stuff doesn't pull any punches.
Until next time!